We have two NT 4.0 machines running IIS. Suddenly our Squid went down because of
a disk space problem. We checked our log files, and they are eating our disk space
because our NT machines try to resolve this all the time:
255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.455 1 208.142.136.115 TCP_MISS/503 1202 GET http://www/scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.487 1 208.142.136.115 TCP_MISS/503 1168 GET http://www/c/winnt/system32/cmd.exe? - DIRECT/www -
1000866350.496 1 208.142.136.115 TCP_MISS/503 1168 GET http://www/d/winnt/system32/cmd.exe? - DIRECT/www -
1000866350.505 2 208.142.136.115 TCP_MISS/503 1200 GET http://www/scripts/..%255c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.514 2 208.142.136.115 TCP_MISS/503 1242 GET http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.530 1 208.142.136.115 TCP_MISS/503 1242 GET http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.539 2 208.142.136.115 TCP_MISS/503 1299 GET http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.548 2 208.142.136.115 TCP_MISS/503 1202 GET http://www/scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.557 1 208.142.136.115 TCP_MISS/503 1202 GET http://www/scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www -
Can anyone explain this? Is this a virus? Please HELP!!!
--
===============================================================================
Arvin V. Carlos Office Phone:
Linux System Administrator (047)237-6001/237-6002
Pccomshop Inc. http://www.pccomshop.com
-- Some people are afraid of nothing! --
===============================================================================
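
Added example, not part of the original post: a Python script that scans Squid access.log entries like the ones above and counts, per client IP, requests whose URL carries double percent-encoding, the never-valid UTF-8 bytes 0xC0/0xC1, dot-dot segments, or cmd.exe. The sample log is constructed from the entries quoted in the post; the function names and the 192.0.2.10 entry are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in Squid's native access.log layout, modelled on the
# entries in the post with wrapped lines rejoined. The first line is a
# truncated entry and the last one is an ordinary request (assumed).
SAMPLE_LOG = """\
255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.455 1 208.142.136.115 TCP_MISS/503 1202 GET http://www/scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.487 1 208.142.136.115 TCP_MISS/503 1168 GET http://www/c/winnt/system32/cmd.exe? - DIRECT/www -
1000866350.505 2 208.142.136.115 TCP_MISS/503 1200 GET http://www/scripts/..%255c../winnt/system32/cmd.exe? - DIRECT/www -
1000866350.557 1 208.142.136.115 TCP_MISS/503 1202 GET http://www/scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www -
1000866351.000 9 192.0.2.10 TCP_MISS/200 5120 GET http://www/index.html - DIRECT/www text/html
"""

def classify(url):
    """Return the reasons (possibly none) a URL looks like a traversal probe."""
    once = unquote_to_bytes(url)    # bytes after one percent-decode
    twice = unquote_to_bytes(once)  # bytes after a second, redundant decode
    reasons = set()
    if re.search(rb"%[0-9A-Fa-f]{2}", once):
        reasons.add("double-encoded")   # e.g. %255c -> %5c -> "\"
    if re.search(rb"[\xc0\xc1]", once):
        reasons.add("invalid-utf8")     # 0xC0/0xC1 are never valid UTF-8 bytes
    if b".." in twice:
        reasons.add("dot-dot")
    if b"cmd.exe" in twice.lower():
        reasons.add("cmd.exe")
    return reasons

def summarize(log_text):
    """Map each client IP to a Counter of reasons over its flagged requests."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:             # truncated or malformed entry: skip
            continue
        client, url = fields[2], fields[6]
        reasons = classify(url)
        if reasons:
            hits.setdefault(client, Counter()).update(reasons)
    return hits

if __name__ == "__main__":
    for client, reasons in summarize(SAMPLE_LOG).items():
        print(client, dict(reasons))
```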